Installation On-Premises
NEW IN RELEASE 154
Overview
IQ Server can be configured to run on multiple nodes with Active-Active Clustering to limit downtime. The architecture of this clustering model consists of more than two nodes that operate simultaneously.
The installation requirements and architecture for IQ Server described here are designed to protect your on-premise IQ Server installations from scenarios such as:
- Node/server failure within a data center
- IQ Server service failure
We have thoroughly tested and verified the functionality and performance of the Sonatype IQ Server with the named third-party tools, technologies, and platforms mentioned in this section. Using other equivalent technologies and platforms may not result in the exact same outcomes, and is not supported by Sonatype.
Requirements for HA installation on-premises
In addition to the general requirements, here are the specific requirements for high-availability on-premise deployments:
- A tool/utility to set up Kubernetes clusters
  - example: Kops
- A tool/utility to customize Kubernetes objects
  - example: Kustomize
- Bare metal/virtual machines to be configured as nodes
Reference Architecture
Steps to Implement the Reference Architecture
Refer to the README to review the implementation details.
Step 1 - Setting up the database
Set up a PostgreSQL database and ensure that the worker nodes within the Kubernetes cluster can communicate with it. We recommend a database that is also set up for high availability.
Step 2 - On-premises Kubernetes cluster
Set up a Kubernetes cluster consisting of at least 2 nodes, each running an instance of IQ Server.
Step 3 - Storage file system
IQ Server HA is designed to have access to a shared cluster directory to save scans and report files.
We recommend using an NFS Persistent Volume (PV) for the shared cluster directory with performance similar to that of Amazon EFS.
Step 4 - Kubernetes Namespace - optional
Create a separate Kubernetes namespace for IQ Server HA by using the kubectl tool:
kubectl create namespace <namespace>
Alternatively, you can use the default namespace.
Step 5 - Ingress Controller - optional
Install an Ingress Controller in your Kubernetes cluster and configure it to allow the automatic provisioning of resources. The Helm chart can install the ingress-nginx controller if you set the ingress enabled flag to true.
--set ingress-nginx.enabled=true
Step 6 - Install Helm Chart
Install the latest Helm chart from the IQ Server HA Helm chart repository, with the correct settings for the parameters.
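The node and namespace prerequisites from Steps 2 and 4 can be verified before the Helm chart is installed. The script below is an added example, not part of the Sonatype README or Helm chart; the namespace name iq-ha, the sample kubectl output, and the rule that control-plane nodes do not host IQ Server pods are assumptions.

```shell
#!/bin/sh
# Added example (not Sonatype's code): preflight for Steps 2 and 4. The parsers
# read `kubectl get ... --no-headers` output on stdin, so they run offline too.

# Step 2: count worker nodes that are Ready and not cordoned.
# Assumption: control-plane nodes do not host IQ Server pods.
count_ready_workers() {
    awk '$3 !~ /control-plane|master/ {
        ready = 0; cordoned = 0
        n = split($2, st, ",")          # STATUS, e.g. "Ready,SchedulingDisabled"
        for (i = 1; i <= n; i++) {
            if (st[i] == "Ready") ready = 1
            if (st[i] == "SchedulingDisabled") cordoned = 1
        }
        if (ready && !cordoned) c++
    } END { print c + 0 }'
}

# Step 4: succeed only if the namespace exists and is Active (not Terminating).
namespace_active() {
    awk -v ns="$1" '$1 == ns && $2 == "Active" { ok = 1 } END { exit !ok }'
}

# Usage: preflight NODES_OUTPUT NAMESPACES_OUTPUT NAMESPACE
# Live:  preflight "$(kubectl get nodes --no-headers)" \
#                  "$(kubectl get namespaces --no-headers)" iq-ha
preflight() {
    rc=0
    workers=$(printf '%s\n' "$1" | count_ready_workers)
    if [ "$workers" -lt 2 ]; then
        echo "FAIL: $workers schedulable worker node(s); Step 2 needs at least 2"
        rc=1
    fi
    if ! printf '%s\n' "$2" | namespace_active "$3"; then
        echo "FAIL: namespace '$3' is missing or not Active"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $workers workers, namespace '$3' Active"; fi
    return "$rc"
}
# Constructed sample output (hypothetical names): four nodes, one usable worker.
SAMPLE_NODES='cp-1      Ready                     control-plane  40d  v1.27.3
worker-1  Ready                     node           40d  v1.27.3
worker-2  Ready,SchedulingDisabled  node           40d  v1.27.3
worker-3  NotReady                  node           40d  v1.27.3'
SAMPLE_NAMESPACES='default  Active       40d
iq-ha    Active       2d
old-iq   Terminating  1d'
preflight "$SAMPLE_NODES" "$SAMPLE_NAMESPACES" iq-ha || true
```

On the constructed sample the check fails: the cluster lists four nodes, but only one can actually schedule an IQ Server pod.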
Running your Kubernetes Cluster
Follow the steps in the latest README for running the Kubernetes cluster.
Overrides for Helm Chart
Some settings in the Helm chart must be customized or overridden to match the IQ Server HA deployment requirements.
Use a --set flag (or --set-file) to override the Helm chart settings as specified in the README.
Below is a list of Helm chart overrides (refer to README for implementation details):
- IQ Server License
  - An IQ Server license that supports the HA feature must be pre-installed.
- Database configuration
- Shared file system
  - To share data between IQ Server pods, such as scans, reports, component details, advanced search index, etc.
- Load Balancer
  - A load balancer must be configured to allow and route external requests to IQ Server pods.
- Transport Layer Security (TLS) certificate and key (optional)
- Unified logging layer - Fluentd
- IQ Server docker image version (as specified in the Helm chart)
- IQ Server configuration parameters (optional)